General Data Protection Regulation Compliance

Igloo & GDPR

The European Union General Data Protection Regulation (GDPR) has arrived. Igloo is GDPR compliant, and we are committed to helping our customers comply with this legislature through our strong foundation of data governance and championing of privacy.

What is the GDPR, and why is it important?

The GDPR is a regulation put into place by the European Union (EU) as a replacement for the Data Protection Directive. The core purpose is to create a single regulation to safeguard EU citizens’ fundamental right to data protection. The GDPR is coming into effect at a time when consumer sentiments for greater data protection are growing.

73% of respondents are more aware of data breaches than five years ago.

54% are less likely to buy products or services from companies that mishandle data.

62% will blame a company that loses their data before blaming the hackers.

69% have boycotted, or would boycott, a company that disregards protecting customer data.

Failure to comply with the GDPR has significant financial repercussions; fines for minor infringements are the higher of €10M or 2% of revenue, and major infringements are the higher of €20M or 4% of revenue.

What identifying information is processed through Igloo?

As a data processor, Igloo may handle the following information:

Personal Data

Personal data is any identifying information of an individual. Examples would include a user’s name, image, email address, birthday, job title, phone number.

Sensitive Personal Data

Sensitive personal data covers special categories of personal data, specifically racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data. While these categories of information are unlikely to be in your digital workplace, Igloo will still prepare for it nonetheless.

Which requests will Igloo be fulfilling?

Igloo will fulfill subject access requests and requests for anonymization from our customers. Igloo will psuedoanonymize user data from a digital workplace, but it will be the customer’s responsibility and discretion to delete data. A request for access is when an employee requests an output that shows, or provides access to, all identifying information in your digital workplace. Igloo will provide a report detailing such.

Igloo will only fulfill requests by an authorized representative of the Igloo customer, not an individual employee. An authorized representative can submit a request for anonymization, or a subject access request, by sending Igloo a support ticket within 72 hours of receiving the request.